"""
Copyright (c) 2022 Huawei Technologies Co.,Ltd.

openGauss is licensed under Mulan PSL v2.
You can use this software according to the terms and conditions of the Mulan PSL v2.
You may obtain a copy of Mulan PSL v2 at:

          http://license.coscl.org.cn/MulanPSL2

THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
See the Mulan PSL v2 for more details.
"""
"""
Case Type   : 防篡改
Case Name   : 连续登录失败锁定帐号
Create At   : 2022/3/7
Owner       : @daiguatutu
Description :
    1.设置参数并重启数据库enableSeparationOfDuty=on
    gs_guc set -N all -I all -c enableSeparationOfDuty=on;
    gs_om -t restart
    2.创建不同权限的4个用户
    4个用户的权限分别为'','sysadmin','createrole','auditadmin'
    drop user if exists [自定义用户] cascade;
    create user [自定义用户] with [不同权限] identified by '[自定义用户密码]' ;
    3.不同的用户分别以错误密码连续登录(执行10次)
    gsql -d postgres -p [端口号] -r -U [自定义用户] -W [错误密码]
    4.不同的用户分别以正确密码登录
    gsql -d postgres -p [端口号] -r -U [自定义用户] -W [自定义用户密码]
    5.清理环境
    drop user if exists [自定义用户] cascade;
    gs_guc set -N all -I all -c enableSeparationOfDuty=off;
    gs_om -t restart
Expect      :
    1.成功
    2.成功
    3.登录失败
    4.账号被锁定
    5.清理环境成功
History     :
"""

import os
import unittest

from testcase.utils.Common import Common
from testcase.utils.CommonSH import CommonSH
from testcase.utils.Constant import Constant
from testcase.utils.Logger import Logger
from yat.test import Node
from yat.test import macro


class Security(unittest.TestCase):
    def setUp(self):
        self.log = Logger()
        self.log.info(f'-----{os.path.basename(__file__)} start-----')
        self.pri_node = Node(node='PrimaryDbUser')
        self.pri_sh = CommonSH('PrimaryDbUser')
        self.constant = Constant()
        self.common = Common()
        self.u_name = 'u_security_access_lock_0001'
        self.user_privileges = {f'{self.u_name}_01': '',
                                f'{self.u_name}_02': 'sysadmin',
                                f'{self.u_name}_03': 'createrole',
                                f'{self.u_name}_04': 'auditadmin'}
        self.default_value1 = self.common.show_param('enableSeparationOfDuty')

    def test_security(self):
        text = '-----step1：设置参数并重启数据库enableSeparationOfDuty=on; ' \
               'expect:成功-----'
        self.log.info(text)
        mod_msg = self.pri_sh.execute_gsguc('set',
                                            self.constant.GSGUC_SUCCESS_MSG,
                                            'enableSeparationOfDuty=on')
        self.assertTrue(mod_msg, '执行失败:' + text)
        result = self.pri_sh.restart_db_cluster()
        self.assertTrue(result, '执行失败' + text)

        for user, privilege in self.user_privileges.items():
            text = f'-----step2：创建权限为{privilege}的用户{user} expect:成功-----'
            self.log.info(text)
            create_cmd = f"drop user if exists {user} cascade; " \
                f"create user {user} with {privilege} " \
                f"identified by '{macro.GAUSSDB_INIT_USER_PASSWD}' ; "
            msg = self.pri_sh.execut_db_sql(create_cmd)
            self.log.info(msg)
            self.assertIn(self.constant.DROP_ROLE_SUCCESS_MSG, msg,
                          '执行失败:' + text)
            self.assertIn(self.constant.CREATE_ROLE_SUCCESS_MSG, msg,
                          '执行失败:' + text)

            text = f'-----step3：用户{user}以错误密码连续登录(执行10次); expect:登录失败-----'
            self.log.info(text)
            for i in range(10):
                connect = f'-U {user} -W {macro.GAUSSDB_INIT_USER_PASSWD}123'
                msg = self.pri_sh.execut_db_sql('', sql_type=connect)
                self.log.info(msg)
                self.assertIn(self.constant.INVALID_USERNAME_OR_PASSWD_TYPE,
                              msg, '执行失败:' + text)

            text = f'-----step4：用户{user}以正确密码登录; expect:账号被锁定-----'
            self.log.info(text)
            connect = f'-U {user} -W {macro.GAUSSDB_INIT_USER_PASSWD}'
            msg = self.pri_sh.execut_db_sql('', sql_type=connect)
            self.log.info(msg)
            self.assertIn(self.constant.ACCOUNT_LOCKED_TYPE,
                          msg, '执行失败:' + text)

    def tearDown(self):
        self.log.info('-----step5：清理环境-----')
        text1 = '-----删除用户 expect:成功-----'
        self.log.info(text1)
        drop_msg = []
        for user in self.user_privileges.keys():
            drop_cmd = f"drop user if exists {user} cascade; "
            msg = self.pri_sh.execut_db_sql(drop_cmd)
            self.log.info(msg)
            drop_msg.append(msg)

        text2 = '-----修改参数enableSeparationOfDuty为初始值并重启数据库 expect:成功-----'
        self.log.info(text2)
        mod_msg1 = self.pri_sh.execute_gsguc('set',
                                             self.constant.GSGUC_SUCCESS_MSG,
                                             f'enableSeparationOfDuty='
                                             f'{self.default_value1}')
        restart_res = self.pri_sh.restart_db_cluster()

        self.log.info('-----断言tearDown执行成功-----')
        self.assertEqual(4,
                         drop_msg.count(self.constant.DROP_ROLE_SUCCESS_MSG),
                         '执行失败:' + text1)
        self.assertTrue(mod_msg1, '执行失败:' + text2)
        self.assertTrue(restart_res, '执行失败:' + text2)
        self.log.info(f'-----{os.path.basename(__file__)} end-----')
